Modern computers typically use complex operating systems and run complex applications, all of which may include vulnerabilities capable of being exploited by malicious users for malicious purposes. Whenever a new vulnerability within an operating system or application program is detected, the organisation responsible for the affected program usually prepares a “patch” for the program in question and offers the patch to the user for downloading and updating of his/her system. For the user's convenience, the relevant program (e.g. an operating system or an application) is often initially provided with an automatic updating facility, which forms a part of the program itself. This facility automatically contacts a remote server (usually either periodically or each time the program is run) to check whether any “updates” are available. If any are found, it either automatically downloads and “installs” the patches without any user interaction, or it notifies the user that updates are available and offers the user the option to initiate a download and install of the newly available updates.
This approach generally works well. However, for very virulent malware, there is a risk that a vulnerability could be exploited before a suitable patch for the vulnerability is installed onto a user's system, even if the organisation responsible for the software in question has managed to build and make available for download a suitable patch. This could be because the user has set his system to look for patches only relatively infrequently or only on a manual basis (i.e. only when explicitly instructed to do so by the user). However, there is also a risk that a very virulent malware program could exploit a vulnerability even while the patch to repair that vulnerability is being downloaded and installed (since the download and install themselves take a finite amount of time).
What is more, since in order to download a patch it is generally necessary for the user's computer system to be connected to the Internet (as most updates are delivered over the Internet), there is a risk of a piece of malware being inadvertently downloaded from the Internet even while an update is being downloaded.
US 2009/0100420 describes an automated approach (and associated system and method) of updating, testing and distributing virtual machine images. A central repository holds many different virtual images for download by multiple client devices and periodically boots up each image and updates it as necessary and tests it before again storing the image ready for subsequent download by a client device. Updating or patching of each image is only performed once the virtual image is booted up and running and connected to the Internet so that it can download and apply any necessary patches in the normal manner.
US 2005/0257206 describes a system and method for updating an update module. The problem which this invention addresses is that a conventional update program cannot update itself because its own executable files are locked by conventional operating systems when they are in use, so while the updater is running it cannot update its own executable files. To overcome this problem the invention provides a two part updater comprising a bootstrap-updater part and an installation-updater part. The installation-updater part is operable to update all applications (including the bootstrap-updater part which does not run at the same time as the installation-updater part) apart from itself, while the bootstrap-updater part is operable to update the installation-updater part (which also does not run while the bootstrap-updater part is running). In this way, all applications on the system including the updater can be updated.
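The following is an added illustration and is not code from US 2005/0257206: a toy model of the two-part arrangement described above, in which a running program's executable cannot be overwritten. The component names, version numbers and the lock model are assumptions made for the example.

```python
from dataclasses import dataclass, field


class LockedError(Exception):
    """Raised when something tries to overwrite a running program's executable."""


@dataclass
class System:
    installed: dict                      # component -> installed version (constructed)
    available: dict                      # component -> version offered for download
    running: set = field(default_factory=set)

    def replace(self, name):
        # Assumed lock model: the OS refuses to overwrite an executable in use.
        if name in self.running:
            raise LockedError(name)
        self.installed[name] = self.available[name]

    def outdated(self):
        return sorted(n for n, v in self.installed.items()
                      if self.available.get(n, v) != v)


def run_updater(system, updater):
    """Run one updater part; return the components it could not update."""
    system.running.add(updater)
    skipped = []
    try:
        for name in system.outdated():
            try:
                system.replace(name)
            except LockedError:
                skipped.append(name)
    finally:
        system.running.discard(updater)  # the part exits, releasing its lock
    return skipped


def two_part_update(system):
    # The installation-updater updates everything except itself, including
    # the bootstrap-updater, which is not running at that time.
    first = run_updater(system, "installation-updater")
    # The bootstrap-updater then runs alone and updates the installation-updater.
    second = run_updater(system, "bootstrap-updater")
    return first, second


def sample_system():
    names = ["app", "bootstrap-updater", "installation-updater"]
    return System(installed={n: 1 for n in names}, available={n: 2 for n in names})
```

Running only one part leaves that part itself on the old version; running the two parts one after the other leaves nothing outdated.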
US 2011/0237234 describes a system suitable for use in an automobile in which a client device includes several virtual machines, each of which is controlled by a virtual machine manager. Certain nodes running within the client device are protected from accessing external databases directly, and all communications to remote servers are handled instead by one of the virtual machines (with different virtual machines handling connections to different remote servers). The virtual machines act as buffers to prevent any risk of corruption of the nodes from external sources instead of allowing the nodes to do this themselves directly.
WO 2008/124560 describes a technology extension within a virtual environment such as a virtual corporate workstation, which may be remotely managed by a corporate IT administrator, which allows software which is running within the virtual environment and may therefore be managed by the corporate IT administrators, to have secured access to update, extend or otherwise change the behaviour of software that is running on an unmanaged host computer, which is associated with or is providing the virtual environment.
EP 2 239 494 describes a method of performing a modular boot firmware update (where boot firmware may for example be a BIOS or an EFI). In the method, the computer is arranged to look for an updated boot firmware module on boot up and, where it finds both an old and an updated boot firmware module at boot up time, to run the updated boot firmware module rather than the old boot firmware module which it supersedes.
EP 2 214 114 describes a method of extending secure management of file attribute information to virtual hard disks (as opposed to non-virtual hard disks).